
Description

This cycle will provide you with all the knowledge necessary to define and implement the company's security policy. You will learn to meet security requirements in IT communications and information system architecture. This cycle will also deal with ISO standards relating to this area, with a particular focus on risk analysis and the implementation of a backup and continuity plan.

Who is this training for?

Engineers, experts, IT consultants.

Prerequisites

Good knowledge of computer systems and networks.

Training objectives

  • Know the different areas of IS security
  • Carry out a security risk analysis
  • Secure the network and applications
  • Define a backup and continuity plan

Training program

      • The notion of risk and its types (likelihood, impact, accident, error, malicious intent).
      • The DIC classification (availability, integrity, confidentiality).
      • Risk management (prevention, protection, risk transfer, outsourcing).
      • The CISO as the orchestrator of security.
      • Role and responsibility.
      • Normative and regulatory frameworks.
      • Towards IT governance, links with ITIL and CMMI.
      • The ISO standard in a management systems approach.
      • ISO 27001 certification.
      • Risk analysis.
      • How to build your own threat/vulnerability knowledge base? Active methods: EBIOS/FEROS, MEHARI.
      • Security audits.
      • Best practices of ISO 19011 applied to security audits.
      • Implement an awareness and communication plan.
      • The security charter, its legal existence, its content, its validation.
      • Risk coverage.
      • Backup, continuity, recovery and crisis management plans.
      • Design optimal solutions.
      • Approach to security solutions adapted to each action.
      • Defining a target architecture.
      • Choose between IDS and IPS, content control as a necessity.
      • Deploying a PKI project, the pitfalls to avoid.
      • Authentication techniques, SSO, identity federation.
      • Legal principles applicable to IS.
      • Tort and contractual liability.
      • Recommendations for legal IT security.
      • Cyber-surveillance of employees: legal limits and constraints.
      • Evolution of cybercrime. New uses (Web 2.0, virtualization, Cloud Computing, etc.) and associated risks.
      • TCP/IP intrusion tools and methods. Attacks on applications (DNS, HTTP, SMTP, etc.).
      • Security of client workstations. Threats: backdoors, viruses, rootkits... The role of the personal firewall and its limits.
      • Wireless security (Wi-Fi and Bluetooth). Specific attacks (wardriving, WEP and EAP vulnerabilities).
      • Firewall and proxy technology. Evolution of the firewall offering (appliance, VPN, IPS, UTM...).
      • Cryptographic techniques. Public key algorithms: Diffie-Hellman, RSA... Sealing and electronic signature.
      • Security for the Intranet/Extranet. Attacks on SSL/TLS (sslstrip, sslsniff...). LDAP directory and security. Virtual Private Networks (VPN).
      • The main application attack techniques (buffer overflow, XSS, SQL Injection, session theft).
      • The SDL (Security Development Lifecycle) process.
      • Using the
      • Security-oriented code review tools.
      • The Application Firewall (WAF).
      • Hardening and integrity verification.
      • Active security management and supervision.
      • Security dashboards.
      • The ISO 27004 standard.
      • The missions of the CISO in monitoring security.
      • Security audits (technical or organizational).
      • Vulnerability tests or intrusion tests.
      • Record evidence and respond effectively.
      • Keep informed of new vulnerabilities.
      • Manage upgrades.
      • Knowing how to react in the event of incidents.
      • Essential services: where to find them?
      • Reminders on ISO 27000 terminologies.
      • Identification and classification of risks.
      • Risk analysis according to ISO.
      • Risk analysis methods EBIOS 2010 and MEHARI 2010.
      • Other international methods.
      • How to choose the best method, based on examples and practical case studies. A global method or a project method.
      • The true cost of a risk analysis.
      • The challenges for the company of a continuity strategy: laws and regulations, norms and standards.
      • Define the continuity strategy.
      • The phases of a continuity plan project.
      • Risk analysis for the continuity plan.
      • Identification of critical activities.
      • The elements and budget to develop the scenarios.
      • Recovery teams: composition and roles.
      • The principles of triggering the emergency plan.
    • 890
    • 84 h
